ELK安装部署
###centos 7.2
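# ELK (Elasticsearch / Logstash / Kibana) 6.x install notes for CentOS 7.2.
# The commands write under /etc and /var/log and manage services, so they are
# expected to run as root.
#
# NOTE(review): nothing below configures authentication or TLS, while
# Elasticsearch (9200/9300) and Kibana (5601) are bound to 0.0.0.0. Restrict
# those ports to the cluster and admin networks (firewalld / security groups)
# before starting the services.

yum install -y vim wget
#rpm -ivh http://indoor.meilele.com/download/centos/jdk-8u101-linux-x64.rpm
#java -version

### Install the Java JDK
yum -y install java-1.8.0-openjdk
java -version
java_home=$(rpm -ql java-1.8.0-openjdk | grep jvm | head -n1 | awk -F '/jre' '{print $1}')
printf 'export JAVA_HOME=%s\n' "$java_home" >>/etc/profile
cat <<'EOF' >>/etc/profile
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin
EOF
source /etc/profile
echo "$JAVA_HOME"

#################
###### Uninstall commands (clean out a previous installation)
# WARNING: destructive. The find below walks the whole filesystem as root and
# removes every file or directory named "elasticsearch" or "logstash",
# including index data. Review what it matches before running it.
userdel elasticsearch
userdel logstash
userdel kibana
yum remove -y elasticsearch logstash kibana
rm -rf /etc/{elasticsearch,logstash,kibana} /etc/yum.repos.d/elk.repo
# -prune stops find from descending into a directory it is about to delete.
find / \( -name elasticsearch -o -name logstash \) -prune -exec rm -rf {} \;

##########
# Packages come from a third-party mirror and are installed as root, so check
# their signatures first. Import Elastic's package signing key, then let
# "rpm -K" reject anything that does not verify against it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

elk_mirror=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-6.x

# Download one RPM, verify its signature, and install it only if it verifies.
# Arguments: $1 - URL of the RPM
fetch_and_install() {
  local url=$1
  local pkg=${url##*/}
  wget -- "$url" && rpm -K -- "$pkg" && rpm -ivh -- "$pkg"
}

fetch_and_install "$elk_mirror/6.7.0/elasticsearch-6.7.0.rpm"
fetch_and_install "$elk_mirror/6.7.0/logstash-6.7.0.rpm"
fetch_and_install "$elk_mirror/6.7.0/kibana-6.7.0-x86_64.rpm"

#############
# Alternative version set (6.1.0). rpm -i normally refuses to install an older
# build over the 6.7.0 packages above, so use only one of the two sets.
fetch_and_install "$elk_mirror/6.1.0/elasticsearch-6.1.0.rpm"
fetch_and_install "$elk_mirror/6.1.0/logstash-6.1.0.rpm"
fetch_and_install "$elk_mirror/6.1.0/kibana-6.1.0-x86_64.rpm"

########
systemctl enable elasticsearch
systemctl restart elasticsearch
systemctl status elasticsearch

# Keep the packaged config as .bak and rebuild the live file without comments
# and blank lines.
\cp -f /etc/elasticsearch/elasticsearch.yml{,.bak}
grep -Ev '^#|^$' /etc/elasticsearch/elasticsearch.yml.bak >/etc/elasticsearch/elasticsearch.yml

# NOTE(review): network.host 0.0.0.0 exposes the REST and transport ports on
# every interface with no authentication configured here.
# bootstrap.system_call_filter: false turns off Elasticsearch's system call
# filter; confirm it is really needed on this kernel before keeping it.
cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
cluster.name: log_online
node.name: $(hostname)
node.master: true
node.data: true
#path.data: /data/esdata
discovery.zen.ping.unicast.hosts: ['172.16.3.232:9300', '172.16.3.233:9300', '172.16.3.234:9300','172.16.3.235:9300']
EOF
systemctl restart elasticsearch
systemctl status elasticsearch
ps -ef | grep java
netstat -lntp | grep java

#### Health check
curl 'localhost:9200/_cluster/health?pretty'
##### Detailed cluster state
curl 'localhost:9200/_cluster/state?pretty'

######################################## elasticsearch-head
yum install -y git npm
# Install the grunt command-line tool, grunt-cli
npm install -g grunt-cli
# Install grunt and its plugins
npm install grunt --save-dev
# Check the installed version
grunt -version

#### Download and install elasticsearch-head
# Run the commands below in a directory of your choice; do not clone the head
# plugin into Elasticsearch's plugins directory, or it will raise an error.
# Clone over HTTPS: the git:// protocol is unauthenticated and unencrypted.
git clone https://github.com/mobz/elasticsearch-head.git
# Enter the directory
cd elasticsearch-head
# If npm produces many errors, try cnpm instead
npm install
#######npm ERR! phantomjs-prebuilt@2.1.16 install: `node install.js`
###npm -g install phantomjs-prebuilt@2.1.16 --ignore-script
# Install grunt into the module and save it
npm install grunt --save

#### Modify config/elasticsearch.yml of the Elasticsearch installation
# NOTE(review): allow-origin "*" accepts cross-origin requests from any site
# against an API that has no authentication configured here. Prefer the single
# origin that serves elasticsearch-head (placeholder: http://<head-host>:<head-port>).
cat <<'EOF' >>/etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
##npm run start
##sed -i '/port:/ i hostname : "*",' Gruntfile.js
#echo "cd $(pwd);grunt server &" >>/etc/rc.local
# The working directory is already the elasticsearch-head checkout.
# NOTE(review): this starts the dev server as the invoking user (presumably
# root); consider a dedicated unprivileged account.
grunt server &
systemctl restart elasticsearch

################################## logstash
# Log collection node
systemctl enable logstash
systemctl restart logstash
# Sample access-log line the grok pattern below is written for:
###172.16.3.64 - - [15/Oct/2019:13:00:00 +0800] "GET /favicon.ico HTTP/1.1" 404 555 "http://172.16.3.232/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" "-"
cat <<'EOF' >/etc/logstash/conf.d/nginx.conf
input {
  file {
    path => "/var/log/nginx/access.log"
    start_position => "beginning"
    type => "nginx"
  }
}
filter {
  grok {
    match => { "message" => "%{IP:clientip} - %{USER:user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) \"%{DATA:referrer}\" \"%{DATA:agent}\" \"%{DATA:xforwardedfor}\""}
  }
  geoip {
    source => "clientip"
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["172.16.3.232:9200"]
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}
EOF
systemctl restart logstash
systemctl status logstash

########################### kibana
\cp /etc/kibana/kibana.yml{,.bak}
# NOTE(review): server.host 0.0.0.0 publishes Kibana on every interface with no
# login configured here; front it with an authenticating reverse proxy or
# restrict port 5601 to trusted networks.
cat <<'EOF' >/etc/kibana/kibana.yml
server.host: 0.0.0.0
elasticsearch.url: "http://localhost:9200"
logging.dest: /var/log/kibana.log
EOF
grep -Ev '^#|^$' /etc/kibana/kibana.yml
# Give the log file to the kibana service account instead of making it
# world-writable: mode 777 would let any local user alter or truncate it.
touch /var/log/kibana.log
chown kibana: /var/log/kibana.log
chmod 640 /var/log/kibana.log
systemctl enable kibana
systemctl restart kibana
systemctl status kibana
netstat -lntp | grep node
####http://172.16.3.232:5601
# Open in a browser: http://172.16.3.232:5601/app/kibana

############################### nginx
# Fetch the repository package over HTTPS so it cannot be altered in transit.
rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx
systemctl start nginx.service
systemctl enable nginx.service
sed -i "s/Welcome to nginx/Welcome to nginx $(hostname)/g" /usr/share/nginx/html/index.html

#### For Kibana 6.7 and above, the following enables the Chinese UI
echo 'i18n.locale: "zh-CN"' >>/etc/kibana/kibana.yml
systemctl restart kibana
systemctl status kibana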